View Javadoc
1 package org.apache.turbine.modules.actions; 2 3 /* ==================================================================== 4 * The Apache Software License, Version 1.1 5 * 6 * Copyright (c) 2001 The Apache Software Foundation. All rights 7 * reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 16 * 2. Redistributions in binary form must reproduce the above copyright 17 * notice, this list of conditions and the following disclaimer in 18 * the documentation and/or other materials provided with the 19 * distribution. 20 * 21 * 3. The end-user documentation included with the redistribution, 22 * if any, must include the following acknowledgment: 23 * "This product includes software developed by the 24 * Apache Software Foundation (http://www.apache.org/)." 25 * Alternately, this acknowledgment may appear in the software itself, 26 * if and wherever such third-party acknowledgments normally appear. 27 * 28 * 4. The names "Apache" and "Apache Software Foundation" and 29 * "Apache Turbine" must not be used to endorse or promote products 30 * derived from this software without prior written permission. For 31 * written permission, please contact apache@apache.org. 32 * 33 * 5. Products derived from this software may not be called "Apache", 34 * "Apache Turbine", nor may "Apache" appear in their name, without 35 * prior written permission of the Apache Software Foundation. 36 * 37 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED 38 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 39 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 40 * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR 41 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 42 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 43 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF 44 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 45 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 46 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 47 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 48 * SUCH DAMAGE. 49 * ==================================================================== 50 * 51 * This software consists of voluntary contributions made by many 52 * individuals on behalf of the Apache Software Foundation. For more 53 * information on the Apache Software Foundation, please see 54 * <http://www.apache.org/>;. 55 */ 56 57 // Turbine Utility Classes 58 import org.apache.turbine.modules.Action; 59 import org.apache.turbine.services.security.TurbineSecurity; 60 import org.apache.turbine.util.RunData; 61 import org.apache.turbine.util.security.AccessControlList; 62 63 64 /*** 65 * This action doPerforms an Access Control List and places it into 66 * the RunData object, so it is easily available to modules. The ACL 67 * is also placed into the session. Modules can null out the ACL to 68 * force it to be rebuilt based on more information. 69 * 70 * <p> 71 * 72 * Turbine uses a User-Role-Permission arrangement for access control. 73 * Users are assigned Roles. Roles are assigned Permissions. Turbine 74 * modules then check the Permission required for an action or 75 * information with the set of Permissions currently associated with 76 * the session (which are dependent on the user associated with the 77 * session.) 78 * 79 * <p> 80 * 81 * The criteria for assigning Roles/Permissions is application 82 * dependent, in some cases an application may change a User's Roles 83 * during the session. To achieve flexibility, the ACL takes an 84 * Object parameter, which the application can use to doPerform the 85 * ACL. 86 * 87 * <p> 88 * 89 * This action is special in that it should only be executed by the 90 * Turbine servlet. 91 * 92 * @author <a href="mailto:john.mcnally@clearink.com">John D. McNally</a> 93 * @author <a href="mailto:bmclaugh@algx.net">Brett McLaughlin</a> 94 * @version $Id: AccessController.java,v 1.1.1.1 2001/08/16 05:08:31 jvanzyl Exp $ 95 */ 96 public class AccessController extends Action 97 { 98 /*** 99 * If there is a user and the user is logged in, doPerform will 100 * set the RunData ACL. The list is first sought from the current 101 * session, otherwise it is loaded through 102 * <code>TurbineSecurity.getACL()</code> and added to the current 103 * session. 104 * 105 * @see org.apache.turbine.services.security.TurbineSecurity 106 * @param data Turbine information. 107 * @exception Exception, a generic exception. 108 */ 109 public void doPerform( RunData data ) 110 throws Exception 111 { 112 if ( data.getUser() != null && data.getUser().hasLoggedIn() ) 113 { 114 AccessControlList acl = (AccessControlList) 115 data.getSession().getValue(AccessControlList.SESSION_KEY); 116 if ( acl == null ) 117 { 118 acl = TurbineSecurity.getACL( data.getUser() ); 119 data.getSession().putValue( AccessControlList.SESSION_KEY, 120 (Object)acl ); 121 } 122 data.setACL(acl); 123 } 124 } 125 }

This page was automatically generated by Maven